COOP and Disaster Recovery with Symantec
Agenda 1 Setting the Stage 2 Evolving Continuity Landscape 3 Proven Approach to Succeed 4 Symantec Solution Overview 5 Conclusions and Recommendations 2007 Symantec Corporation, All Rights Reserved 2
The current homeland security environment with the continuing threat of mass casualty terrorism and the constant risk of natural disasters now demands that the Federal government actively prepare and encourage the Nation as a whole to plan, equip, train, and cooperate for all types of future emergencies, including the most catastrophic. The White House, Lessons Learned from Katrina, February 2006 2007 Symantec Corporation, All Rights Reserved 3
Homeland security will get renewed focus, but on different priorities, with increased funding for natural disaster relief and preparation. The health IT market will also receive a boost with spending projected to increase steadily over the next five years. INPUT Forecasts Federal IT Spending to Surpass $93 Billion by FY11, March 26, 2006 2007 Symantec Corporation, All Rights Reserved 4
COOP/DR What is the Difference between Continuity of Operations and Disaster Recovery? Often used interchangeably but key differences CONTINUITY OF OPERATIONS(COOP): Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. DISASTER RECOVERY (DR): Process of developing advance plans and procedures enabling an organization to respond to a disruptive event and restore the Information Technology infrastructure supporting critical business functions Similar Terms: Contingency Planning, Business Resumption Planning 2007 Symantec Corporation, All Rights Reserved 5
BC/DR Industry View Key Definitions RECOVERY REQUIREMENTS: The resources needed to support a critical business unit s essential functions in the event of a disaster. Recovery Requirements should include manual work tools such as forms and work in progress (WIP) and extend to the supporting applications and technology infrastructure. Care should be given to account for specialized needs such as magnetic printers or imaging devices. 2007 Symantec Corporation, All Rights Reserved 6
Customer Perspective: Recovery Time & Objective Asynchronous Replication Synchronous Replication WAN Clustering Global Clustering Replication and Remote Mirroring >RPO/RTO LAN Clustering Storage Checkpoints Online Volume Management Local Clustering (HA) Online Volume Management, Storage Checkpoints, Point-in-Time Copies Vaulting Backup Data Protection (Backup, Recovery, Vaulting) Security Security Management (Firewall, IPS/IDS, Critical Systems Protection, Encryption, VM, AV) Low-Level SLA Medium-Level SLA High-Level SLA INVESTMENT 2007 Symantec Corporation, All Rights Reserved 7
Ongoing Challenges for Achieving Operational Continuity Cost Risk Security Availability Performance Security Threats Continuity Compliance Complexity Web Server Application Database Server Storage 2007 Symantec Corporation, All Rights Reserved 8
List of IT Risks That Create Outages is Growing Business Risk Other Risks Market risk Credit risk Interest rate risk Currency risk Operational Risks Non IT Risks Business process People and talent Environment Physical infrastructure IT Risks Security Risk Availability Risk Performance Risk Scalability Risk Recoverability Risk Compliance Risk Computer crimes Internal breaches Cyber terrorism Configuration changes Lack of redundancy in architectures Human errors Distributed architectures Peak Demand Heterogeneity in the IT landscape Business growth Provisioning bottlenecks Silo-ed architectures Hardware and/or software failures External threats such as security Natural disasters Government regulations Corporate governance guidelines Internal policy 2007 Symantec Corporation, All Rights Reserved 9
IT Risks For A Government Tax Collection Organization Security Risk Availability Risk Performance Risk Scalability Risk Recoverability Risk Compliance Risk Identity Theft Inability to Process Transactions Form Entry Bottleneck Inability to Handle Demand Non Reconciliation of Accounts Procedural Compliance Unauthorized access to or compromise of citizen data stored on the network System or network failure interrupts the ability process transactions Citizens can t transmit their returns or check refund status during peak season because of access bottlenecks in the infrastructure Systems unable to handle unforecasted growth in electronic submissions Data center disaster results in transaction loss Loss of data results in incomplete reconciliation of accounts Inability to audit who accessed what and validate that internal procedures and external guidance has been followed Must address all to achieve operational continuity 2007 Symantec Corporation, All Rights Reserved 10
Case Development Get the problem statement right: recovery objectives Start with the most severe threat you organization faces: Natural Disaster Intentional Acts By Third Parties Have neutral facilitator work with operations staff to determine objectives Work to determine recovery objectives for agency operation, not the technology Have senior executive approve objectives Get the capabilities right: account for delays 2007 Symantec Corporation, All Rights Reserved 11
Case Development Continued Layout Objectives Government organizations must be able to execute mission critical functions at all times and under all conditions. Establish Capabilities Given today s resources we can.. Develop Alternative Courses of Action We can continue mission critical applications by splitting them into multiple locations. Align Service Level Agreements (SLA) With Appropriate Organizations 2007 Symantec Corporation, All Rights Reserved 12
Case Development - Example FEDERAL PREPAREDNESS CIRCULAR (FPC 65) FEMA July, 1999 Planning Considerations: Must be maintained at a high level of readiness; Must be capable of implementation both with and without warning; Must be operational no later than 12 hours after activation; Must maintain sustained operations for up to 30 days; and, Should take maximum advantage of existing agency field infrastructures. This Federal Preparedness Circular (FPC) provides guidance to Federal Executive Branch departments and agencies for use in developing viable and executable contingency plans for the continuity of operations (COOP). This FPC is distributed to the heads of Federal department and agencies, senior policy officials, emergency planners, and other interested parties. 2007 Symantec Corporation, All Rights Reserved 13
Case Development - Example FEDERAL PREPAREDNESS CIRCULAR (FPC 65) FEMA June, 2004 a. Must be capable of implementation both with and without warning; b. Must be operational within a minimal acceptable period of disruption for essential functions, but in all cases within 12 hours of COOP activation; c. Must be capable of maintaining sustained operations until normal business activities can be reconstituted, which may be up to 30 days; d. Must include regularly scheduled testing, training, and exercising of agency personnel, equipment, systems, processes, and procedures used to support the agency during a COOP event; e. Must provide for a regular risk analysis of current alternate operating facility(ies); f. Must locate alternate operating facilities in areas where the ability to initiate, maintain, and terminate continuity operations is maximized; 2007 Symantec Corporation, All Rights Reserved 14
FPC 65 Continued g. Should consider locating alternate operating facilities in areas where power, telecommunications, and internet grids would be distinct from those of the primary; h. Should take maximum advantage of existing agency field infrastructures and give consideration to other options, such as telecommuting locations, work-at-home, virtual offices, and joint or shared facilities; i. Must consider the distance of alternate operating facilities from the primary facility and from the threat of any other facilities/locations (e.g., nuclear power plants or areas subject to frequent natural disasters); and j. Must include the development, maintenance, and annual review of agency COOP capabilities using a multi-year strategy and program management plan. The multi- year strategy and program management plan will outline the process the agency will follow to: [More] 2007 Symantec Corporation, All Rights Reserved 15
Operational Vigilance Key Steps Update objectives at least once a year using same business approach methodology Update capabilities report after significant technology changes, each test and each real incident Present an update on gap between business requirements to prevent risk and loss and current capabilities and provide solution options Maintain consistent methodology and consistent reporting Document, document, document 2007 Symantec Corporation, All Rights Reserved 16
After Action Reporting Tips When recovery goes BETTER than expected AS expected LESS than expected Report it! Be the hero! Report it! Call attention to how well you understand meeting business requirements with technology investment, planning and staff capabilities Report it! Show real-world results & how investment should be made to improve recovery times 2007 Symantec Corporation, All Rights Reserved 17
Recovery Objectives Methodology Challenges Lack of common definitions IT staff trying to facilitate a business decision Absence of education on the balance between process and technology solutions Lack of understanding that disasters are supposed to cost money and be uncomfortable and incur some loss 2007 Symantec Corporation, All Rights Reserved 18
Capabilities Assessment Methodology Issues Not accounting for the time it takes to: Identify a potential problem Make a go/no go decision to relocate Absence of critical staff Time it takes to deploy staff and assets Technology failures 25% of all media typically bad at time of incident; etc. 2007 Symantec Corporation, All Rights Reserved 19
Business Case Development Pitfalls to Avoid Objectives developed with: Limited or no involvement from agency operations staff No involvement from agency executives Inconsistent definitions What do you want approach vs. what you need to prevent X loss? Capabilities: Reported as too ambitious Not realistic Presented: In technology terms instead of business terms As availability you get for $$ spent instead of reduction of bankruptcy risk for $$ invested Requested capital vs. delivering strategy options 2007 Symantec Corporation, All Rights Reserved 20
Symantec Continuity of Operations Solutions overview 2007 Symantec Corporation, All Rights Reserved 21
Continuity of Operations Solutions from Symantec Continuity of Operations Prevention: Protect Against and Prevent Data Loss and Downtime Avoid outages via proactively monitoring threats and patch management policies Remediation: Fix the Problem Identify systems to patch, points of attack, application failures, and data loss Recovery: Reach RTOs/RPOs Restore data, application services to meet business recovery time objectives (RTO), recovery point objectives (RPO) 2007 Symantec Corporation, All Rights Reserved 22
Continuity of Operations from Symantec Spans from Prevention to Remediation to Recovery Business Continuity Prevention Remediation Recovery Vulnerability Identified and/or Infrastructure Instrumentation & Early Warnings Sent Vulnerability Proactively Blocked, Application Failed Over Availability of Application, Systems, and Data Assured Prevention Internet Reports on attacks and outages; updates to policies and SLAs; archiving for audit Remediation Recovery Identification of Systems to Patch, Points of Attack, Application Failures, Data Loss Patches & Updates Implemented Across Infrastructure; Applications Recovered; Data Restored 2007 Symantec Corporation, All Rights Reserved 23
Continuity of Operations from Symantec Spans from Prevention to Remediation to Recovery Symantec DeepSight Threat Mgmt System and Alert Services Symantec Managed Security Services VERITAS Business Continuity Management Service Performance Management/i3 Suite Symantec Client Security Symantec Gateway Security Symantec Network Security VERITAS NetBackup (or VERITAS Backup Exec) VERITAS Storage Foundation VERITAS Volume Replicator VERITAS Cluster Server Symantec Backup Exec System Recovery Prevention Internet Reports on attacks and outages; updates to policies and SLAs; archiving for audit Remediation Recovery Symantec ESM Symantec Incident Manager RTO/RPO steps Symantec LiveState Client Management Suite VERITAS Provisioning Manager 2007 Symantec Corporation, All Rights Reserved 24
Continuity of Operations Solution Capabilities Challenges Protect against and prevent data loss and downtime Fix the Problem Reach RTO/RPOs Symantec Solution Characterize threats, deploy policies for shielding, patch management, deploy mitigation efforts Conduct root-cause analysis; isolate application, systems, data problems; identify points of attack, patches Invest in just-enough business continuity, monitor continuously, tune and test 2007 Symantec Corporation, All Rights Reserved 25
Choose the Correct Configuration Align Continuity of Operations objectives with business and risk management requirements If not, your solutions can cost more than they should Present your case in risk management terms Secure needed funding, protect mission critical applications, and reset unreasonable SLAs Compliance guidance can be met Avoid the fear factor RTO/RPO Realtime 2 24 hour 24+ hours 2007 Symantec Corporation, All Rights Reserved 26
Conclusions & Recommendations 2007 Symantec Corporation, All Rights Reserved 27
Issues with continuity of operations Misaligned recovery objectives Budgets don t align with SLA s Compliance is costly Recommendation: Comprehensive Planning Match objectives with requirements Negotiate SLAs first Build recoverable environments Document for compliance 2007 Symantec Corporation, All Rights Reserved 28
Issues with continuity of operations Unclear recovery capabilities App & network dependencies Unclear of recovery definition Recommendation: Generate SLA on recover configurations Document and test all applications and connectivity requirements SLA to business users on restoring business processes 2007 Symantec Corporation, All Rights Reserved 29
Do s and Don ts in the Real World Structure tests to pass Make assumptions as to what is available Rely on just data availability Recommendation: Push tests to failure Test in real life environment Understand agency process and include all resources 2007 Symantec Corporation, All Rights Reserved 30
Do s and don ts in the real world Single Points of Failure Cross-train staff RTO for agency functions Recommendation: Work through all dependencies Train staff at recovery site Include agency functions and not just technology 2007 Symantec Corporation, All Rights Reserved 31
Why Symantec Has the Best Solutions From leading vendor, the ability to: Prevent, remediate and recover from security risks and downtime of applications and data Span a heterogeneous environment from client to storage/systems Easily tailor solution to availability and/or uptime commitments No compromising on product quality 2007 Symantec Corporation, All Rights Reserved 32
Thank You! Skip Farmer Skip_farmer@symantec.com 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. 2007 Symantec Corporation, All Rights Reserved 33